Tag Archives: CCNA Wireless answers 2013

CCNA Wireless Chapter 17 Exam Answers

The 4 main threats to wireless NW’s are:
1) Ad-hoc NW formation
2) Rogue AP’s
3) Client missassociations
4) Directed wireless network attacks

What exactly is client missassociation?
An SSID profile is saved and active scanning is in operation, resulting in a client connecting to a network without knowing

What are 4 examples of directed wireless network attacks?
1) DoS
2) Recon probes
3) Authent. penetration
4) MITM attacks

How are directed wireless network attacks most often mitigated?
By authenticating and encrypting management frames.

What is this process of mitigation called exactly?
MFP: management frame protection

Management frames are usually sent unauthenticated and unencrypted

What does MFP do to management frames?
It digitally signs them

The two MFP modes are:
1) Infrastructure
2) Client

In infrastructure MFP,
A hash is generated for every management frame and placed before the FCS

Client MFP is only available with…
CCX 5+ “Cisco compatible extensions”

What does Client MFP/CCX do to management frames
It uses 802.11i to encrypt mgmt frames between the client and the AP

What does Client MFP/CCX defend most effectively against?
MITM and DoS attacks

In Client MFP/CCX, a key is generated for each AP

Why can’t mobile devices associate with MFP LAN’s?
They don’t have the processing power required for the extra encryption/authentication techniques

2 older security methods are:
1) SSID —> wrong SSID? no association
2) MAC authentication

What is open authentication?
It means no authentication key is required

What is the 4 step process to open authentication?
1) Probe
2) Probe response
3) Auth
4) Auth response

In WEP authentication, a ____ key is used to encrypt traffic
WEP key

In WEP, the header is not encrypted is not encrypted, but the the data is is

What encryption type does WEP use?

What are the 3 different sizes for WEP keys?
40 bits
104 bits
128 bits

In WEP, every key is combined with an….
Initialization vector

What is the basic process of WEP association?
1) Auth request
2) Challenge text packet
3) Challenge text encrypted by supplicant
4) If AP able to decrypt properly supplicant has the right key

EAP is defined under which two RFC’s?
2284, and 3748

EAP usually works alongside..
802.1x or RADIUS

The 4 EAP message types are
1) Request — to supplicant
2) Response — from supplicant
3) Success
4) Failure

What is Cisco LEAP?
A proprietary username/PW based auth. system between a client and a RADIUS server

What is Cisco LEAP’s weakness?
Susceptible to eavesdropping

EAP-TLS is defined under…
RFC 2716

EAP-TLS uses… _________ for authentication
Digital certificates

EAP-TLS uses…__________ to secure communications between client and RADIUS server

In EAP-TLS, the ________ and __________ authenticate to eachother
client and server

What is TLS based on?
SSL 3.0

What did EAP-TTLS add to EAP-TLS?

PEAP is very similar to..

What are the 3 authentication options for PEAP?

What is fast-reconnect?
Roaming b/t AP’s made seamless b/c TLS session ID’s are cached by WLC

The 3 roles of the 802.1x framework are…
1) Supplicant
2) Authenticator
3) Authentication server

It can be said that the authenticator controls __________ access to the network

If a Cisco ACS is being used as the Authentication server, more _____________ methods of authentication are available

802.1x: After the client sends a probe request to the AP, the AP will respond with a…
AP probe response which contains sec params.

What happens after the AP sends its probe response?
The client is associated but traffic is blocked until 802.1x auth is complete

The 802.1x authentication challenge is encrypted by

How does the client response to this challenge?
With a credential response

What does authenticator do with the credential response?
Converts it to a RADIUS access request and sends it to the AS

What does the AS do upon receiving the RADIUS access request?
It responds with a challenge that specifies what credentials are required of the supplicant

What happens if the client responds with the correct credentials?
The AS transmits a success message and encryption key

WPA2 is aka

What is a PMK?
Pairwise master key,
It is created on a RADIUS server when a client authenticates

Where is the PMK sent?
From the AS to the authenticator

What is PMK used for?
To encrypt the exchange of the temporal session key

What is the PMK derived from that results in the authenticator and supplicant having the same one?
It is derived from client information

PMK’s are used to make PTK’s and GTK’s.

PTK’s and GTK’s are made in a
4 way handshake process

WPA2-PSK is aka
personal mode

WPA2-PSK is encrypted with…
A 256 bit PMK

CCNA Wireless Chapter 9 Exam Answers

In a wireless model, frames generally go from a lightweight AP to a WLC

A WLC is…
A WiLAN controller

Active scanning is…
When a client sends probes out

Passive scanning is..
When a client waits for beacons

What comes first, the auth request or the assoc request frame when a client attempts to connect to an AP?
The auth request comes first

Briefly count off the steps for wireless association to an AP
1) Client sends probe
2) AP sends probe response
3) Client sends auth request
4) AP sends auth response
5) Success message sent
6) Association request sent by client
7) Association response sent by AP
8) Client uses RSSI and SNR to determine what speed to send at

Management frames are sent at the …
Lowest possible rate

Data headers are sent at the…
Lowest possible rate

Actual data is sent at the…
Highest possible rate

If a wireless client is sending to a host on a different subnet and has never done so before, it will need to perform the ___ operation to find the ____ address of the __________ gateway
ARP, MAC, default

In an ARP frame sent from a client, the source address is the…the destination address is the…and the receiving address is the…
Host sending ARP
Broadcast because its an ARP broadcast

What interframe space do ACK frames use?
SIFS – short interframe space

The LWAPP adds a ____________ _____________ frames travelling from the AP to the WLC
6 byte header

Who translates 802.11 frames into 802.3 frames in a centralized wireless setup?
The wireless LAN controller

The two main types of WLAN implementation methods are:
1) Distributed (autonomous AP’s)
2) Centralized (LAP + WLC)

WLC’s are responsible for… (5 things)
1) Security policies
2) Intrusion prevention
3) RF management
4) QoS
5) Mobility

LAP’s handle real-time MAC layer services while WLC’s handle non-real-time MAC layer services

Non real time MAC layer services handled by the WLC include:
1) Authentication
2) Association and reassociation (aka mobility)
3) Frame translation and bridging

Public networks broadcast their SSID in a beacon
But private networks wait for probe-requests

In a distributed setup, the address fields are setup as follows in the 802.11 frame:
Field 1: AP = receiving address
Field 2: Source address
Field 3: Destination address
Field 4: Unused

The Ethertype of LWAPP is…

LWAPP can operate at ______ or ______
Layer 2 or layer 3

If LWAPP is operating at L2, do AP’s need IP’s?

If LWAPP is operating at L3, do AP’s need IP’s?

The trunking protocol is called…

The trunking protocol adds a ____________ to 802.3 frames
4 byte header

The header added by 802.1q contains what 2 things
2) TCI

The TCI contains…
User priority, 1 bit canonical format, 12 bit VLAN ID

What are the reserved VLAN ID’s?
1 = default
1002 = FDDI
1003 = TR
1004 = FDDINET
1005 = TRNET